Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Warning: "OPENSSL_FIPS" is not defined, evaluates to 0 [-Wundef] #620

Closed
junaruga opened this issue May 16, 2023 · 1 comment · Fixed by #621
Closed

Warning: "OPENSSL_FIPS" is not defined, evaluates to 0 [-Wundef] #620

junaruga opened this issue May 16, 2023 · 1 comment · Fixed by #621

Comments

@junaruga
Copy link
Member

junaruga commented May 16, 2023
edited
Loading

This issue was reported at the c5b2bc1 . Sorry it's my bad.

I was able to reproduce it on my local on Fedora 37.

Install OpenSSL 1.1.1t where that is less than OpenSSL 3, and the OPENSSL_FIPS macro is not defined.

$ git remote -v
origin	https://github.com/openssl/openssl.git (fetch)
origin	https://github.com/openssl/openssl.git (push)

$ git checkout OpenSSL_1_1_1t

$ ./Configure \
  --prefix=$HOME/.local/openssl-1.1.1t-debug \
  --libdir=lib \
  shared linux-x86_64 \
  -O0 -g3 -ggdb3 -gdwarf-5

$ make -j$(nproc)

$ LD_LIBRARY_PATH=$HOME/.local/openssl-1.1.1t-debug/lib/ \
  $HOME/.local/openssl-1.1.1t-debug/bin/openssl version -a
OpenSSL 1.1.1t  7 Feb 2023
built on: Tue May 16 19:40:34 2023 UTC
platform: linux-x86_64
options:  bn(64,64) rc4(16x,int) des(int) idea(int) blowfish(ptr)-
compiler: gcc -fPIC -pthread -m64 -Wa,--noexecstack -Wall -O3 -O0 -g3 -ggdb3 -gdwarf-5 -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -DNDEBUG
OPENSSLDIR: "/home/jaruga/.local/openssl-1.1.1t-debug/ssl"
ENGINESDIR: "/home/jaruga/.local/openssl-1.1.1t-debug/lib/engines-1.1"
Seeding source: os-specific

$ bundle install --standalone
  
$ bundle exec rake compile -- \
  --with-openssl-dir=$HOME/.local/openssl-1.1.1t-debug \
  --with-cflags="-Wundef"
mkdir -p tmp/x86_64-linux/openssl/3.2.1
cd tmp/x86_64-linux/openssl/3.2.1
/usr/local/ruby-3.2.1/bin/ruby -I. -r.rake-compiler-siteconf.rb ../../../../ext/openssl/extconf.rb -- --with-openssl-dir=/home/jaruga/.local/openssl-1.1.1t-debug --with-cflags=-Wundef
...
gcc -I. -I/usr/local/ruby-3.2.1/include/ruby-3.2.0/x86_64-linux -I/usr/local/ruby-3.2.1/include/ruby-3.2.0/ruby/backward -I/usr/local/ruby-3.2.1/include/ruby-3.2.0 -I../../../../ext/openssl -DRUBY_EXTCONF_H=\"extconf.h\" -I/home/jaruga/.local/openssl-1.1.1t-debug/include    -fPIC -Wundef  -o ossl.o -c ../../../../ext/openssl/ossl.c
../../../../ext/openssl/ossl.c: In function ‘ossl_fips_mode_get’:
../../../../ext/openssl/ossl.c:425:7: warning: "OPENSSL_FIPS" is not defined, evaluates to 0 [-Wundef]
  425 | #elif OPENSSL_FIPS
      |       ^~~~~~~~~~~~
../../../../ext/openssl/ossl.c: In function ‘ossl_fips_mode_set’:
../../../../ext/openssl/ossl.c:460:7: warning: "OPENSSL_FIPS" is not defined, evaluates to 0 [-Wundef]
  460 | #elif OPENSSL_FIPS
      |       ^~~~~~~~~~~~
../../../../ext/openssl/ossl.c: In function ‘Init_openssl’:
../../../../ext/openssl/ossl.c:1218:7: warning: "OPENSSL_FIPS" is not defined, evaluates to 0 [-Wundef]
 1218 | #elif OPENSSL_FIPS
      |       ^~~~~~~~~~~~
...
cp tmp/x86_64-linux/openssl/3.2.1/openssl.so tmp/x86_64-linux/stage/lib/openssl.so

$ echo $?
0

I was not able to reproduce this issue on the CI. Perhaps the warnings are not printed when the mkmf V equals 0?

Here is the result on my local.

$ grep '^V =' /usr/local/ruby-3.2.1/lib/ruby/3.2.0/mkmf.rb 
V = #{CONFIG['MKMF_VERBOSE']}

$ grep -r MKMF_VERBOSE /usr/local/ruby-3.2.1/lib/ruby/3.2.0/x86_64-linux/rbconfig.rb 
  CONFIG["MKMF_VERBOSE"] = "1"
@junaruga junaruga mentioned this issue May 16, 2023
Merged
This was referenced May 19, 2023
Closed
Merged
@junaruga
Copy link
Member Author

junaruga commented May 23, 2023
edited
Loading

I was not able to reproduce this issue on the CI. Perhaps the warnings are not printed when the mkmf V equals 0?

After enabling the verbose mode on the master branch by the commit a832f5c, I tested with debugging patch below to print a compiler warning. And it was printed on CI. I don't know why I couldn't reproduce this on the CI.

diff --git a/ext/openssl/ossl.c b/ext/openssl/ossl.c
index 81069c8..d49cbe4 100644
--- a/ext/openssl/ossl.c
+++ b/ext/openssl/ossl.c
@@ -418,7 +418,9 @@ static VALUE
 ossl_fips_mode_get(VALUE self)
 {
 
-#if OSSL_OPENSSL_PREREQ(3, 0, 0)
+#if FOO_BAR
+    return Qfalse;
+#elif OSSL_OPENSSL_PREREQ(3, 0, 0)
     VALUE enabled;
     enabled = EVP_default_properties_is_fips_enabled(NULL) ? Qtrue : Qfalse;
     return enabled;

https://github.com/junaruga/openssl/actions/runs/5057575581/jobs/9076516980#step:6:84

../../../../ext/openssl/ossl.c:421:5: warning: "FOO_BAR" is not defined, evaluates to 0 [-Wundef]
  421 | #if FOO_BAR
      |     ^~~~~~~

This was referenced May 24, 2023
Closed
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Fix warnings about the OPENSSL_FIPS macro in OpenSSL 1.1. junaruga/ruby-openssl
1 participant
@junaruga